diff options
author | David S. Miller <davem@davemloft.net> | 2018-01-05 18:33:01 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-01-05 18:33:01 +0300 |
commit | f737be8d61f251d2c1632f871ba824aa5a512384 (patch) | |
tree | 7aea2c6a1184ef022303a725efafe406b8050006 /net | |
parent | 6926e041a8920c8ec27e4e155efa760aa01551fd (diff) | |
parent | 8bea728dce8972e534e6b99fd550f7b5cc3864e8 (diff) | |
download | linux-f737be8d61f251d2c1632f871ba824aa5a512384.tar.xz |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Fix chain filtering when dumping rules via nf_tables_dump_rules().
2) Fix accidental change in NF_CT_STATE_UNTRACKED_BIT through uapi,
introduced when removing the untracked conntrack object, from
Florian Westphal.
3) Fix potential nul-dereference when releasing dump filter in
nf_tables_dump_obj_done(), patch from Hangbin Liu.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_tables_api.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 10798b357481..07bd4138c84e 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2072,7 +2072,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb, continue; list_for_each_entry_rcu(chain, &table->chains, list) { - if (ctx && ctx->chain[0] && + if (ctx && ctx->chain && strcmp(ctx->chain, chain->name) != 0) continue; @@ -4665,8 +4665,10 @@ static int nf_tables_dump_obj_done(struct netlink_callback *cb) { struct nft_obj_filter *filter = cb->data; - kfree(filter->table); - kfree(filter); + if (filter) { + kfree(filter->table); + kfree(filter); + } return 0; } |